Who will sue you?

I’m sitting in Stacie LeGrow’s session on open source compliance. It’s interesting to hear this topic from Red Hat’s perspective, given that you’d think that Red Hat would have every incentive to let open source spread without restraint in an enterprise. But that’s not what I’m hearing. It’s bullish on open source, but also careful and pragmatic about a customer’s code.

Two things stuck out:

• Developers are going to bring open source into the enterprise, regardless of whether you think they can or will or not. They will. It’s therefore important to have a compliance program to ensure that they do so in a way that protects internal intellectual property, and to prevent IP infringement suits (she noted that patents cost ~$25,000 to obtain and $2-5M in legal fees to defend (!!).
• Stacie asked the question as to who is most likely to sue a customer over patent infringement. She (rightly) scuttled the notion that Microsoft is likely to sue. (Its business interests are inimical to suing its customers. Hence, its patent deal with Novell is largely posturing, and not real.)

  Instead (and interestingly – I hadn’t really thought about this), she suggested that it’s more likely to be a patent troll who brings suit. This, of course, is not specific to open source – trolls have no politics on open source. They’re just trolls. It’s therefore important to make sure your vendor can show the pedigree of its code (compliance program) and have some backup mechanism (indemnification, or something) in case a troll slips through, anyway.

Novell and Microsoft are responsible, grown-up companies. They’re not going to sue customers, making their “historic” agreement…not so historic.

But patent trolls…they’re another kettle of (rotting) fish. And there’s nothing inherent in open source that makes them more or less a threat. Stacie’s counsel to keep a tight (but flexible) watch on open source coming into an enterprise is wise, but I’m not sure there’s any good way to protect against trolls.